packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ImageMagick/CVE-2020-29599-1.patch
wangxiao65 519aa12fe2 fix CVE-2020-29599
2021-01-12 17:00:23 +08:00

72 lines
2.2 KiB
Diff
Raw Blame History

From a7b2d8328c539da6e79a118a0b8e97462c7daa77 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 10 Nov 2019 14:53:23 -0500
Subject: [PATCH] Santize ';' from SHOW and WIN delegates
---
magick/delegate.c | 26 +++++++++++++++++++++++++-
magick/string.c | 4 ++--
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/magick/delegate.c b/magick/delegate.c
index 37cd77b39..4fec87fc6 100644
--- a/magick/delegate.c
+++ b/magick/delegate.c
@@ -507,6 +507,30 @@ MagickExport int ExternalDelegateCommand(const MagickBooleanType asynchronous,
%
*/
+static char *SanitizeDelegateString(const char *source)
+{
+ char
+ *sanitize_source;
+
+ const char
+ *q;
+
+ register char
+ *p;
+
+ static char
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+ "$-_.+!*'(),{}|\\^~[]`\"><#%/?:@&=";
+
+ sanitize_source=AcquireString(source);
+ p=sanitize_source;
+ q=sanitize_source+strlen(sanitize_source);
+ for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
+ *p='_';
+ return(sanitize_source);
+}
+
static char *GetMagickPropertyLetter(const ImageInfo *image_info,Image *image,
const char letter)
{
@@ -918,7 +942,7 @@ static char *GetMagickPropertyLetter(const ImageInfo *image_info,Image *image,
break;
}
}
- return(SanitizeString(string));
+ return(SanitizeDelegateString(string));
}
static char *InterpretDelegateProperties(const ImageInfo *image_info,
diff --git a/magick/string.c b/magick/string.c
index 828f12a0c..1e4ae55cb 100644
--- a/magick/string.c
+++ b/magick/string.c
@@ -1588,10 +1588,10 @@ MagickExport void ResetStringInfo(StringInfo *string_info)
% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
-% SanitizeString() returns an new string removes all characters except
+% SanitizeString() returns a new string removes all characters except
% letters, digits and !#$%&'*+-=?^_`{|}~@.[].
%
-% The returned string shoud be freed using DestoryString().
+% Free the sanitized string with DestroyString().
%
% The format of the SanitizeString method is:
%
Reference in New Issue View Git Blame Copy Permalink